Hello,
I just received an email from Google stating I might be under phishing attack... I am worried because few days ago I had to provide my web developer who is creating a ecommerce site for me an API PayPal password, username and signature in order to integrate the shopping cart in. Does anybody know if this is the reason why I recieved the email from Google.

I spoke to PayPal before giving out the API information and they informed me it was safe to provide to my developer.

Can you anonymise the mail claiming to come from Google and post it here ?
Have you used the same password for your Paypal API that you use for other services (eg Gmail) that might now be accessible to your "Web Developer" ?

Dear site owner or webmaster of .........com,
We recently discovered that some pages on your site look like a possible phishing attack, in which users are encouraged to give up sensitive information such as login credentials or banking information. We have removed the suspicious URLs from Google.com search results and have begun showing a warning page to users who visit these URLs in certain browsers that receive anti-phishing data from Google.

Below are one or more example URLs on your site which may be part of a phishing attack:

Here is a link to a sample warning page:http://www.google.com/interstitial?u...9230a6ea03173/
We strongly encourage you to investigate this immediately to protect users who are being directed to a suspected phishing attack being hosted on your web site. Although some sites intentionally host such attacks, in many cases the webmaster is unaware because:

1) the site was compromised
2) the site doesn't monitor for malicious user-contributed content
If your site was compromised, it's important to not only remove the content involved in the phishing attack, but to also identify and fix the vulnerability that enabled such content to be placed on your site. We suggest contacting your hosting provider if you are unsure of how to proceed.

Once you've secured your site, and removed the content involved in the suspected phishing attack, or if you believe we have made an error and this is not actually a phishing attack, you can request that the warning be removed by visiting http://www.google.com/safebrowsing/r...r/?tpl=emailer
and reporting an "incorrect forgery alert." We will review this request and take the appropriate actions.

So, it may be your "Web Developer" is misusing the site, that he is creating for you, to conduct phishing attacks. You've obscured the suspicious link in your site, so it is not possible to say for certain.
Edit:
I found it anyway. Your site contains a bogus Paypal Login Screen, with odd spelling etc.

Attached Thumbnails

Last edited by me.anon; 27.06.2015 at 11:41.
Reason: added picture

The following 5 users would like to thank me.anon for this useful post:

The first thing should be to stop the whole thing in order to avoid causing damage. Your site appears to be hosted by hostgator.com, ask them to take the domain offline. That'll give you time to fix things properly.

Note:
The hoster can be compared to a landlord, who you rent the space for your digital store or website from. By asking him to take your website offline it's like asking your landlord to stop access to a real shop for the time being.

Google's role here, as far as I can see, has been limited to discovering the falsified Paypal login screen on your web site and reporting it to you as the registered web site owner (whois lookup).
I guess you did this:
(a) chose a nice domain name and registered it.
(b) found a web hosting provider for your site (the one with the alligator logo)
(c) somehow found a "web developer" to build a site, integrate a shopping cart and Paypal etc. and handed him over all the credentials for administering the site.

It would appear that this "web site developer" has misused the credentials you entrusted to him to create a bogus Paypal loging screen for phishing passwords etc.

You should change the passwords that you have given that "web site developer" and either (a) delete what he has created on your site or (b) explain what has happened to your internet service provider and let them clean up the whole mess.

__________________If you have difficulties with a post which contains a link to a site in one of the Swiss languages, use Google Translate or your own favourite translating browser.

It would appear that this "web site developer" has misused the credentials you entrusted to him to create a bogus Paypal loging screen for phishing passwords etc.

Alternatively, the web site developer did a sloppy job and left some part of the site unsecured, or failed to apply the latest security patches. The Internets, being what they are, are always scanning and found the security failure quickly. Then some bad operator somewhere uploaded his phishing pages to your site.

Yes, it is very common for a hacker to break into a site just to add a phishing form. It is also very common for the site owner to be unaware that this happened. So Google sends these emails to improve the state of internet security and make things harder for phishers.

Most likely, your web developer is rubbish at computer security, but not actively complicit. There is a slight chance that he is good but unlucky, and also a slight chance that he is complicit. Alternatively, the problem could lie with the hosting provider, depending on exactly how the provider and the developer are dividing up the work.

Personally, I think that securing a website is such an important part of building one, that a development team with rubbish security competence should be seen as just rubbish. However, low security awareness is rather common, and it is hard to say how best to fix the situation. Also, good security costs, and since a lot of site owners don't think of it or even know anything about it, a lot of developers don't spend time on it.